A new app clone grifter shows App Store’s weakness

The venerated 1Password and Afterlight now have clones in the App Store.

The App Store page for a clone of 1Password, a popular security app that stores login information.

A 1Password clone has snuck its way into the App Store with a near-perfect replica of the real deal's logo. The clone version retails for $1.99, $16 less than the price of 1 Password developer Agile Bits' original login-storing app. The clone looks to be of dubious origin, as do a handful of other cloned apps submitted by the same developer.

Apple's walled-garden system for its App Store is meant to prevent the more nefarious forms of activity that can happen in freer markets, like the malware or ad-spam apps found in the Google Play Store. But the method for approving apps for sale has always been a black box, and lately, that box seems particularly hospitable to clones.

Agile Bits' "defender against the dark arts" Jeffrey Goldberg told Ars in an e-mail, "That certainly is not us. We’ve seen fake things before but nothing quite this egregious." The inside of the 1Password clone looks nothing like the inside of the real 1Password—in a casual attempt at security, the app asks users to set a pattern-based password, then takes them to a screen where they can manage photo albums. The app asked Ars for access to our photos, and we politely declined. But whether or not the app mimics functionality usually doesn't matter to clone-makers; it's the outside that counts.

The 1Password cloner's other works, the majority of which are also clones.

Last fall, Ars covered the cloning spree that followed the success of the app A Beautiful Mess. While an app's functionality is not usually the target, developers will often copy the name and the icon to take advantage of customers' confusion and earn a few quick bucks from retail sales or ads before getting kicked out of the store or caught by the real developers. App Store developers can't run riot with malware on a phone the way Play Store developers can, but they can use the app to harvest contacts or photos.

Even if developers submit a complaint to Apple, Apple tries to mediate a discussion rather than take immediate action. As A Beautiful Mess business manager Trey George told Ars at the time, "The crazy part is there wasn't much legally we could do."

Other apps in the 1Password clone's portfolio are New Afterlight, a clone of the popular photo editing app Afterlight, and Where is My Partner?, one of a handful of dubious-looking apps that purport to track the location of a phone given the name of its owner and the associated phone number (…right).

Unlike A Beautiful Mess, 1Password has long held a favorable standing with both Mac and iOS customers and is not an overnight success, so it's not difficult to see which developer is the real deal. The question is how long Apple will stay fooled by the app clone's good name and 90-degrees-rotated icon.